To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.generalOpen lugnet.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 General / 31117
31116  |  31118
Subject: 
Re: Email Authentication - Why not make it optional?
Newsgroups: 
lugnet.admin.nntp, lugnet.general
Date: 
Wed, 20 Jun 2001 05:13:52 GMT
Viewed: 
106 times
  
In lugnet.admin.nntp, Ross Crawford writes:
In lugnet.admin.nntp, Lindsay Frederick Braun writes:
In lugnet.admin.nntp, Kyle D. Jackson writes:
Because it still allows an unauthorized person to post to LUGNET.
The point wasn't to protect people who didn't want to be cloned.  It
was to keep out people who weren't authorized to post.  In our most
famous case, we have a person who had been banned from LUGNET, but
continued to post here, disrupting things, attacking other users,
and making outright threats.  If authentication were optional that
person could continue to post.

  Right.  And it's not isolated--ask any of the few people who
  actually frequent the entire server, and they'll tell you.
  Best not to wait for a full-blown hurricane before installing
  seawalls.

But a seawall's not gonna help you against an earthquake...

It was hurricane season so a seawall was what was needed. If and when there
is an earthquake likely that would be the time to do things to earthquake proof.

  Anyways, I'm happy about the development.  The circumstances
  of its implementation are less than pleasant, but it's no big
  hassle and a welcome sense of security.  (And another reason to
  register--log in and authentication isn't necessary!)

...if you use the web to post. Most of the people complaining use email or a
newsreader to post, for which there's no way to "log on".

They should consider switching to the web mechanism or putting up with the
inconvenience, while Todd, who I feel is extremely clever, and who said he
was thinking about ways to help, comes up with mechanisms to ameliorate
their plight. Not that I think it's much of a plight, actually, but then I
use the web interface exclusively now, while I am logged in, so for me it is
zero impact except perhaps a slightly longer time to post (not that I have
actually seen it, I suspect it adds milliseconds at most).

And the current method seems quite hard to break. I don't want to kick off a
lot of speculation about how to defeat it but I'm pretty satisfied that it
would be very difficult to defeat unless the spoofer has access to the email
account of the person he is spoofing, or unless the spoofer has access to
the password of a member. (and you may recall now that I complained
vociferously that the password algorithm was rejecting all my easy passwords
and only allowing hard to crack ones. Guess what? I was wrong about that. I
am glad the password algorithm that filters out new passwords as insecure is
as picky as it is... )

To Brad's original "just ignore it" suggestion: We tried that. The consensus
was that it didn't work. Our spoofer was just too disruptive.

++Lar



Message has 3 Replies:
  Re: Email Authentication - Why not make it optional?
 
(...) 8?) But life will be miserable if the earthquake hits with little or no warning. (...) So in other words, one annoying person has effectively forced many others to put up with an unnecessary (until now) inconvenience. I also use the web, and (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
  Re: Email Authentication - Why not make it optional?
 
"Larry Pieniazek" <lpieniazek@mercator.com> skrev i meddelandet news:GF7qJ4.6BM@lugnet.com... (...) a (...) Perhaps the (logged in) ones using the web interface should keep quite a while, to give the mail and NNTP (and slow modems in general) users (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
  Re: Email Authentication - Why not make it optional?
 
Hello Larry, hello everybody, (...) Let me first thank you for being one of those guys who try to keep a fair eye on all sides - Tood's, who continues to volunteer and make LUGNET an ever better place to be. - The Web Interface users, who, indeed, (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp)

Message is in Reply To:
  Re: Email Authentication - Why not make it optional?
 
(...) But a seawall's not gonna help you against an earthquake... (...) ...if you use the web to post. Most of the people complaining use email or a newsreader to post, for which there's no way to "log on". ROSCO (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)

42 Messages in This Thread:



















Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR